I am facing a strange issue with my MWG. If someone needs to activate a license (e.g. MS Visual Studio or some other software), it's not working unless I add the client IP to the GBL. Is this the default behaviour? What could be done to resolve this?

Are you familiar with the wonderfulness of Troubleshooting > Rule Tracing Central?

Pop in the IP of the host that's trying to do that license activation, click go, and you'll see all requests the web gateway is seeing from that host, and the disposition of each request per policy.

Note, however, that you won't see any traffic that your web gateway doesn't, so you may have to look elsewhere (e.g. firewall egress blocks if you're blocking non-proxied egress traffic) if the MS license traffic is not going through your proxy.

If you're an explicit proxy shop, don't forget to do ye ole "netsh winhttp import proxy source=ie" thing, as Windows boxes seem to need that kick in the pants even when you've set the system proxy setting. Microsoft Sysinternals' tcpview.exe run on the client box and sorted by destination address can also be a nice bit of insight over processes on Windows workstations that are trying to send cruft directly to the internet and ignoring any explicit proxy settings. Good luck.

And did you mean the GBL or the GWL? (I'm trying to figure out how blocking a client will help activate a license?). If GBL wasn't a mistake and adding a global block helps your client activate, I suppose that suggests your license server is on your LAN somewhere? If so, perhaps proxy exceptions are needed in your system proxy settings so that traffic that should stay on LAN doesn't get explicitly sent to your web proxy?
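
The proxy check suggested in the replies above, as an added example that is not part of the original thread: it compares the per-user "IE" proxy settings with the machine-wide WinHTTP proxy on the client that fails to activate. It assumes English `netsh` output and that the user proxy is set in the HKCU Internet Settings key; the variable names are illustrative.

```powershell
# Added example: compare the per-user (WinINET / "IE") proxy with the WinHTTP proxy.
# Run on the affected client as the user who attempts the activation.

$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key

# ProxyServer is only in effect when ProxyEnable is 1.
$userProxy  = if ($inet.ProxyEnable -eq 1) { $inet.ProxyServer } else { $null }
$userBypass = $inet.ProxyOverride      # exceptions, e.g. hosts that should stay on the LAN
$userPac    = $inet.AutoConfigURL      # set when a PAC file is used instead

# netsh prints localized text; these patterns assume English output.
$raw = (netsh winhttp show proxy) -join "`n"
$winhttpProxy  = if ($raw -match 'Proxy Server\(s\)\s*:\s*(\S+)') { $Matches[1] } else { $null }
$winhttpBypass = if ($raw -match 'Bypass List\s*:\s*(.+)') { $Matches[1].Trim() } else { $null }

[pscustomobject]@{
    UserProxy     = $userProxy
    UserBypass    = $userBypass
    UserPacUrl    = $userPac
    WinHttpProxy  = $winhttpProxy
    WinHttpBypass = $winhttpBypass
} | Format-List

if ($userProxy -and -not $winhttpProxy) {
    Write-Warning ('User proxy is set but WinHTTP is direct: WinHTTP-based clients ' +
                   'will bypass the gateway. Consider: netsh winhttp import proxy source=ie')
}
elseif ($userProxy -and $winhttpProxy -and ($userProxy -ne $winhttpProxy)) {
    Write-Warning "User proxy ($userProxy) and WinHTTP proxy ($winhttpProxy) differ."
}

if ($userProxy -and -not $userBypass) {
    Write-Warning ('No proxy exceptions are configured: traffic for internal hosts ' +
                   '(such as a license server on the LAN) is sent to the web proxy.')
}
```

The `netsh winhttp import proxy source=ie` command itself has to be run from an elevated prompt.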